Overview

SecAst (Security For Asterisk) is an intrusion detection and prevention system designed specifically to protect Asterisk based phone systems against attack and fraud. SecAst uses a variety of techniques to detect intrusion attempts, halt ongoing attacks, and prevent future attacks. In addition, SecAst uses advanced techniques to detect valid credentials that have been disclosed / compromised and are being abused. SecAst also uses heuristic algorithms to detect fraudulent activity based on known attack patterns. Upon detection SecAst blocks the current attacker from the Asterisk host at the network level. SecAst can also allow/deny any user based on the greographic source (country / region / city) of their IP address.

SecAst is a 100% software solution, communicating with Asterisk primarily through the Asterisk Management Interface (AMI), but also monitoring Asterisk message/security logs for relevant information, and also communicating with the Linux network interfaces. The data from these sources allows SecAst to monitor connection and dial attempts with invalid credentials, the rate at which users/peers are dialing, the number of channels in use by user/peer across all protocols, the source IP of remote users/peers, etc. By combining this data SecAst can effectively stop attacks/fraud in its tracks, and alert the administrator with details of each attack.

SecAst offers detailed geographic allow/deny rules (geofencing) down to the city level without large or complex firewall rules (all geofencing rules remain within SecAst). Use of geofencing dramatically reduces the number of, and risk from, attacks, allowing administrators to quickly eliminate continents/countries/regions/cities where their users would never be located.

SecAst offers extensive interfaces to interact with other programs, utilities, external firewalls, billing systems, etc. allowing for considerable customization. For example, changes in Threat Level can trigger scripts which alert administrators, shutdown interfaces, change firewall rules, etc.

SecAst is available in both free and commercial editions. You can get SecAst, as well as more documentation, at www.generationd.com.

Asterisk Compatibility

SecAst is compatible with a broad range of Asterisk versions and distributions. SecAst works with Asterisk versions 1.4 through 12, both 32-bit and 64-bit. SecAst is also compatible with a wide range of Asterisk distributions, from Digium's plain old Asterisk, to FreePBX and PBX In A Flash and TrixBox, to 3rd Lane and more. SecAst is also the only product to work across multiple protocols/modules including PJSIP,SIP,IAX,IAX2,MGCP (and more). ...